yahoo-eng-team team mailing list archive

[Bug 1425887] [NEW] Setting 'enable_snat' be false does not work in DVR

 

Public bug reported:

I create a DVR with 'enable_snat' false, but the snat namespace is also
created on the 'dvr_snat' node:

root@shz-vpn02:/var/log/neutron# neutron router-list
+--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name | external_gateway_info                                                                                                                                                                    | distributed | ha    |
+--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 2a3b6825-0bff-46d9-aea9-535176e78387 | dvr  | {"network_id": "dbed9af5-528b-4aec-b22f-d0ad8c346e02", "enable_snat": false, "external_fixed_ips": [{"subnet_id": "63705be9-d3db-4159-9e49-fd7e35b9c893", "ip_address": "172.24.4.99"}]} | True        | False |

On the 'dvr_snat' node, the snat-xxx is created, but the snat rule is not
added, so I think the snat namespace should not be created:

root@shz-vpn01:/var/log/neutron# ip netns list
snat-2a3b6825-0bff-46d9-aea9-535176e78387
qrouter-2a3b6825-0bff-46d9-aea9-535176e78387

root@shz-vpn01:/var/log/neutron# ip netns exec qrouter-2a3b6825-0bff-46d9-aea9-535176e78387 iptables-save -t nat
# Generated by iptables-save v1.4.21 on Thu Feb 26 10:30:32 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-POSTROUTING - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
:neutron-postrouting-bottom - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
COMMIT
# Completed on Thu Feb 26 10:30:32 2015

** Affects: neutron
     Importance: Undecided
     Assignee: shihanzhang (shihanzhang)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => shihanzhang (shihanzhang)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1425887
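
An added example, not part of the original report or of Neutron's code: a Python check that compares the router's 'enable_snat' flag with the namespaces and nat-table rules found on a node, using constructed inputs abbreviated from the output quoted above. The function names are hypothetical and the default of true for a missing 'enable_snat' key is an assumption; rules are matched on their jump target because a plain search for "snat" would also hit chain names such as neutron-l3-agent-snat.

```python
import json
import shlex

ROUTER_ID = "2a3b6825-0bff-46d9-aea9-535176e78387"  # router id from the report
# Constructed inputs, abbreviated from the command output quoted in the report.
GATEWAY_INFO = '{"network_id": "dbed9af5-528b-4aec-b22f-d0ad8c346e02", "enable_snat": false}'
NETNS_LIST = f"snat-{ROUTER_ID}\nqrouter-{ROUTER_ID}\n"
NAT_DUMP = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
COMMIT
"""

def namespaces(netns_output):
    """Names from `ip netns list`; newer iproute2 appends ' (id: N)'."""
    return {line.split()[0] for line in netns_output.splitlines() if line.strip()}

def source_nat_rules(nat_dump):
    """Rules in an iptables-save dump whose target rewrites the source address."""
    hits = []
    for line in nat_dump.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)  # keeps the quoted --comment as one token
        if "-j" in tokens[:-1] and tokens[tokens.index("-j") + 1] in ("SNAT", "MASQUERADE"):
            hits.append(line)
    return hits

def audit(router_id, gateway_info, netns_output, nat_dumps):
    """Compare the configured enable_snat flag with the state seen on the node."""
    # Assumption: a missing enable_snat key means source NAT is enabled.
    enabled = json.loads(gateway_info).get("enable_snat", True)
    has_ns = f"snat-{router_id}" in namespaces(netns_output)
    nat_rules = [r for dump in nat_dumps for r in source_nat_rules(dump)]
    findings = []
    if not enabled and has_ns:
        findings.append("snat namespace exists although enable_snat is false")
    if not enabled and nat_rules:
        findings.append(f"{len(nat_rules)} source NAT rule(s) present although enable_snat is false")
    if enabled and not has_ns:
        findings.append("enable_snat is true but the snat namespace is missing")
    return findings

if __name__ == "__main__":
    for finding in audit(ROUTER_ID, GATEWAY_INFO, NETNS_LIST, [NAT_DUMP]):
        print(finding)
```

Pass the nat dumps of both the qrouter and the snat namespace in the list so that a rule in either one is counted.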
